Insertion of Sensitive Information Into Sent Data

CVE-2025-8862

High

7/10

Summary

YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigate this, we recommend upgrading the database to a version where this information is properly redacted.

Attack Complexity: HIGH
Attack Vector: NETWORK
User Interaction: NONE
Privileges Required: NONE

CWE-201 - Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

References

Advisory Timeline

Published Aug 11, 2025

Insertion of Sensitive Information Into Sent Data

CVE-2025-8862

Summary

CWE-201 - Insertion of Sensitive Information Into Sent Data

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS